TPM Reset Attacks
Risk Rating:


On a PC platform, the TPM chip sits on the low pin count (LPC) bus, the first bus available at boot time. TPM chips are subject to a very simple and effective attack in which the LRESET# pin of the TPM chip is physically tied to electrical ground with a wire. Pulling LRESET# low presents the chip with a platform reset (a reboot) without actually changing the state of the platform: the operating system and the applications keep running, unaffected. The chip is then reinitialized by reloading the TPM device driver and sending the startup command (TPM_Startup), something that is normally only issued by the BIOS at boot time. In this state the PCRs hold their reset values (zero for the ordinary PCRs), so the attacker can extend them with any desired measurements. Because the extend operation is a one-way hash chain, a PCR can never be driven back to an earlier value while the platform is running; the reset is what makes an arbitrary final value reachable. Remote entities that communicate with the platform cannot see the difference via remote attestation and will trust that the platform has not been reinitialized.

Furthermore, TPM reset attacks affect secrets that have been protected via the sealing mechanism, which extends the binding mechanism. Binding is the ability to encrypt data with a key that is generated and protected by the TPM; sealing adds the ability to specify, at encryption time, what platform state (as recorded in the PCRs) must be present for the TPM to decrypt the data. The attack therefore breaks the sealing property: the platform state reported by the PCR measurements can be replayed to whatever value the sealed data requires, so the secret is released on a platform that is not in the state it was sealed to.
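The following is an added example, not code from the original page: a Python model of the PCR extend operation that shows, for both the remote attestation case and the sealing case above, why a reset lets the attacker reproduce any expected PCR value. The measurement log entries ("bios-code", "bootloader", ...) are constructed placeholders, and `seal`/`unseal` are a toy model of a PCR-bound key (a real TPM evaluates the PCR condition inside the chip); the one-way property of extend and the equality check a naive verifier performs are the real parts.

```python
import hashlib
import hmac

ALGO = "sha1"  # TPM 1.2 PCRs are SHA-1 sized; use "sha256" for a TPM 2.0 bank


def pcr_reset_value(algo=ALGO):
    """Value an ordinary PCR holds right after TPM_Init/TPM_Startup: all zeros."""
    return bytes(hashlib.new(algo).digest_size)


def pcr_extend(pcr, measurement, algo=ALGO):
    """TPM extend: PCR_new = H(PCR_old || measurement). One-way, so a running
    platform can never move a PCR back to an earlier value."""
    h = hashlib.new(algo)
    h.update(pcr)
    h.update(measurement)
    return h.digest()


def replay_log(measurements, algo=ALGO):
    """PCR value that a sequence of measurements yields from the reset value.
    This is what the BIOS does at boot and exactly what the attacker redoes
    after grounding LRESET# and re-issuing the startup command."""
    pcr = pcr_reset_value(algo)
    for m in measurements:
        pcr = pcr_extend(pcr, m, algo)
    return pcr


# Constructed measurement log of a known-good boot (hypothetical components).
TRUSTED_LOG = [
    hashlib.sha1(b"bios-code").digest(),
    hashlib.sha1(b"bootloader").digest(),
    hashlib.sha1(b"kernel-v1-known-good").digest(),
]
# Golden value a remote verifier, or a sealed blob, has been told to expect.
EXPECTED_PCR = replay_log(TRUSTED_LOG)


def verifier_accepts(quoted_pcr, expected=EXPECTED_PCR):
    """Naive remote attestation check: quoted PCR equals the golden value."""
    return quoted_pcr == expected


def boot_with_tampered_kernel():
    """The real boot: BIOS and bootloader intact, kernel replaced."""
    tampered = TRUSTED_LOG[:2] + [hashlib.sha1(b"kernel-backdoored").digest()]
    return replay_log(tampered)


def extend_only_never_recovers(live_pcr, attempts=1000):
    """Without a reset, extending the tampered PCR further never reaches the
    golden value again; tries a run of plausible inputs to illustrate this."""
    pcr = live_pcr
    for i in range(attempts):
        pcr = pcr_extend(pcr, TRUSTED_LOG[i % len(TRUSTED_LOG)])
        if pcr == EXPECTED_PCR:
            return True
    return False


def reset_attack(_live_pcr):
    """LRESET# grounded: the PCRs return to their reset values while the OS
    keeps running, and the attacker replays the trusted log. The live value
    is simply discarded by the reset, whatever it was."""
    return replay_log(TRUSTED_LOG)


def _seal_key(pcr):
    """Toy model of a key bound to a PCR value (assumption, not the real TPM
    sealing construction): key = H(label || PCR)."""
    return hashlib.sha256(b"seal-key|" + pcr).digest()


def seal(data, pcr):
    """Encrypt data so it only unseals when the PCR holds the same value."""
    key = _seal_key(pcr)
    stream = hashlib.sha256(key + b"|stream").digest()
    if len(data) > len(stream):
        raise ValueError("toy model: data must fit one keystream block")
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hashlib.sha256(key + b"|tag|" + data).digest()
    return {"ct": ct, "tag": tag}


def unseal(blob, current_pcr):
    """Returns the secret if current_pcr matches the sealed state, else None."""
    key = _seal_key(current_pcr)
    stream = hashlib.sha256(key + b"|stream").digest()
    data = bytes(a ^ b for a, b in zip(blob["ct"], stream))
    tag = hashlib.sha256(key + b"|tag|" + data).digest()
    return data if hmac.compare_digest(tag, blob["tag"]) else None


if __name__ == "__main__":
    live = boot_with_tampered_kernel()
    blob = seal(b"disk-key", EXPECTED_PCR)
    print("tampered boot attested:", verifier_accepts(live))
    print("recovered by extending only:", extend_only_never_recovers(live))
    print("after reset + replay attested:", verifier_accepts(reset_attack(live)))
    print("unseal on tampered platform:", unseal(blob, live))
    print("unseal after reset + replay:", unseal(blob, reset_attack(live)))
```

The verifier and the sealed blob both reduce to "does the PCR equal the golden value", which is why neither can tell a genuine boot from a reset-and-replay. A check that does help in practice, and that the naive compare above ignores, is to look beyond the PCR values themselves: TPM 2.0 quotes carry a clockInfo structure with a resetCount, and a verifier that tracks it across attestations sees the extra reset.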
